bdcd9fd91cb76bcb7a27a5696877ce594e5351b8fe5b4a7866b24c28a1e0bac4

Analysis

max time kernel
89s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 10:52

Target

189814e9bc6aef8745ec3a3ff91b9dab.dll
Size

359KB
MD5

189814e9bc6aef8745ec3a3ff91b9dab
SHA1

54e3921d3b900f033c5976340c27cfdd8ad885ad
SHA256

bdcd9fd91cb76bcb7a27a5696877ce594e5351b8fe5b4a7866b24c28a1e0bac4
SHA512

aaba95ee9f71ac224440e428d9e266f066f9b3fe2e31dca6d25b60ed15d25f3bdcd4111faa30cafb5933cc643a58858a0d92f82c47f13eee0c388100b126c3bf
SSDEEP

6144:BwM3I4nEYm2WLZz9PGGISkraoIX4NRZLLd/BZpymJZBS+tSfEwv5wyQ:CkI4nJmRz9PGGjkrgoN9Ppymfkn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 3480	4824	rundll32.exe	89
PID 4824 wrote to memory of 3480	4824	rundll32.exe	89
PID 4824 wrote to memory of 3480	4824	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\189814e9bc6aef8745ec3a3ff91b9dab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\189814e9bc6aef8745ec3a3ff91b9dab.dll,#1
  2⤵
  PID:3480

memory/3480-0-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download
memory/3480-1-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download